relevance-tarantula 0.0.1
- data/MIT-LICENSE +20 -0
- data/README.rdoc +70 -0
- data/Rakefile +79 -0
- data/init.rb +1 -0
- data/install.rb +1 -0
- data/laf/images/background.jpg +0 -0
- data/laf/images/relevance-os-logo.gif +0 -0
- data/laf/images/tab.png +0 -0
- data/laf/images/table-sort.gif +0 -0
- data/laf/images/tarantula-sprites.png +0 -0
- data/laf/javascripts/jquery-1.2.3.js +3408 -0
- data/laf/javascripts/jquery-ui-tabs.js +890 -0
- data/laf/javascripts/jquery.tablesorter.js +861 -0
- data/laf/javascripts/tarantula.js +10 -0
- data/laf/stylesheets/tarantula.css +638 -0
- data/laf/stylesheets/ui.tabs.css +113 -0
- data/lib/relevance/core_extensions/ellipsize.rb +34 -0
- data/lib/relevance/core_extensions/file.rb +9 -0
- data/lib/relevance/core_extensions/response.rb +9 -0
- data/lib/relevance/core_extensions/test_case.rb +12 -0
- data/lib/relevance/tarantula/attack.rb +15 -0
- data/lib/relevance/tarantula/attack_form_submission.rb +75 -0
- data/lib/relevance/tarantula/attack_handler.rb +37 -0
- data/lib/relevance/tarantula/crawler.rb +240 -0
- data/lib/relevance/tarantula/detail.html.erb +77 -0
- data/lib/relevance/tarantula/form.rb +21 -0
- data/lib/relevance/tarantula/form_submission.rb +70 -0
- data/lib/relevance/tarantula/html_document_handler.rb +36 -0
- data/lib/relevance/tarantula/html_report_helper.rb +56 -0
- data/lib/relevance/tarantula/html_reporter.rb +105 -0
- data/lib/relevance/tarantula/index.html.erb +48 -0
- data/lib/relevance/tarantula/invalid_html_handler.rb +18 -0
- data/lib/relevance/tarantula/io_reporter.rb +34 -0
- data/lib/relevance/tarantula/link.rb +56 -0
- data/lib/relevance/tarantula/log_grabber.rb +16 -0
- data/lib/relevance/tarantula/rails_integration_proxy.rb +70 -0
- data/lib/relevance/tarantula/recording.rb +12 -0
- data/lib/relevance/tarantula/response.rb +13 -0
- data/lib/relevance/tarantula/result.rb +66 -0
- data/lib/relevance/tarantula/test_report.html.erb +34 -0
- data/lib/relevance/tarantula/tidy_handler.rb +32 -0
- data/lib/relevance/tarantula/transform.rb +17 -0
- data/lib/relevance/tarantula.rb +63 -0
- data/manifest.txt +114 -0
- data/tarantula.gemspec +42 -0
- data/tasks/tarantula_tasks.rake +34 -0
- data/template/tarantula_test.rb +12 -0
- data/test/relevance/core_extensions/ellipsize_test.rb +19 -0
- data/test/relevance/core_extensions/file_test.rb +8 -0
- data/test/relevance/core_extensions/response_test.rb +29 -0
- data/test/relevance/core_extensions/test_case_test.rb +17 -0
- data/test/relevance/tarantula/attack_form_submission_test.rb +79 -0
- data/test/relevance/tarantula/attack_handler_test.rb +30 -0
- data/test/relevance/tarantula/crawler_test.rb +297 -0
- data/test/relevance/tarantula/form_submission_test.rb +71 -0
- data/test/relevance/tarantula/form_test.rb +50 -0
- data/test/relevance/tarantula/html_document_handler_test.rb +44 -0
- data/test/relevance/tarantula/html_report_helper_test.rb +48 -0
- data/test/relevance/tarantula/html_reporter_test.rb +82 -0
- data/test/relevance/tarantula/invalid_html_handler_test.rb +34 -0
- data/test/relevance/tarantula/io_reporter_test.rb +12 -0
- data/test/relevance/tarantula/link_test.rb +49 -0
- data/test/relevance/tarantula/log_grabber_test.rb +27 -0
- data/test/relevance/tarantula/rails_integration_proxy_test.rb +95 -0
- data/test/relevance/tarantula/result_test.rb +86 -0
- data/test/relevance/tarantula/tidy_handler_test.rb +59 -0
- data/test/relevance/tarantula/transform_test.rb +21 -0
- data/test/relevance/tarantula_test.rb +23 -0
- data/test/test_helper.rb +32 -0
- data/uninstall.rb +1 -0
- data/vendor/xss-shield/MIT-LICENSE +20 -0
- data/vendor/xss-shield/README +76 -0
- data/vendor/xss-shield/init.rb +16 -0
- data/vendor/xss-shield/lib/xss_shield/erb_hacks.rb +111 -0
- data/vendor/xss-shield/lib/xss_shield/haml_hacks.rb +42 -0
- data/vendor/xss-shield/lib/xss_shield/safe_string.rb +47 -0
- data/vendor/xss-shield/lib/xss_shield/secure_helpers.rb +40 -0
- data/vendor/xss-shield/lib/xss_shield.rb +6 -0
- data/vendor/xss-shield/test/test_actionview_integration.rb +40 -0
- data/vendor/xss-shield/test/test_erb.rb +44 -0
- data/vendor/xss-shield/test/test_haml.rb +43 -0
- data/vendor/xss-shield/test/test_helpers.rb +25 -0
- data/vendor/xss-shield/test/test_safe_string.rb +55 -0
- metadata +256 -0
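--- a/data/lib/relevance/tarantula/transform.rb
+++ b/data/lib/relevance/tarantula/transform.rb
@@ -0,0 +1,17 @@
+class Relevance::Tarantula::Transform
+attr_accessor :from, :to
+def initialize(from, to)
+@from = from
+@to = to
+end
+def [](string)
+case to
+when Proc
+string.gsub(from, &to)
+else
+string.gsub(from, to)
+end
+end
+end
+
+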
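Review bot: Transform has no comment saying what `from` and `to` may be, and `[]` only treats `to` as a block when it is exactly a `Proc`, so a `Method` or other callable would fall into the `else` branch and be handed to `gsub` as a replacement value. I would add `# Rewrites a string: gsub(from, to), or gsub(from) { ... } when +to+ is a Proc.` above the class and state there whether other callables are supported. `attr_accessor` also exposes writers for both fields although nothing in this file reassigns them; `attr_reader` would be enough from what is visible here.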
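--- a/data/lib/relevance/tarantula.rb
+++ b/data/lib/relevance/tarantula.rb
@@ -0,0 +1,63 @@
+require 'forwardable'
+
+TARANTULA_ROOT = File.expand_path(File.join(File.dirname(__FILE__), "../.."))
+
+# bringing in xss-shield requires a bunch of other dependencies
+# still not certain about this, if it ruins your world please let me know
+require 'erb'
+gem 'activesupport'
+gem 'actionpack'
+require 'active_support'
+require 'action_controller'
+#xss_shield_path = File.join(TARANTULA_ROOT, %w{vendor xss-shield})
+#$: << File.join(xss_shield_path, "lib")
+#require File.join(xss_shield_path, "init")
+
+require 'htmlentities'
+require 'facets/kernel/meta'
+require 'facets/metaid'
+
+module Relevance; end
+module Relevance; module CoreExtensions; end; end
+module Relevance
+module Tarantula
+VERSION = "0.0.1"
+
+def tarantula_home
+File.expand_path(File.join(File.dirname(__FILE__), "../.."))
+end
+def log(msg)
+puts msg if verbose
+end
+def rails_root
+::RAILS_ROOT
+end
+def verbose
+ENV["VERBOSE"]
+end
+end
+end
+
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "test_case"))
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "ellipsize"))
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "file"))
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "response"))
+
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "html_reporter"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "html_report_helper"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "io_reporter"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "recording"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "response"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "result"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "log_grabber"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "invalid_html_handler"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "transform"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "crawler"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "form"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "form_submission"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "attack"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "attack_form_submission"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "attack_handler"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "link"))
+
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "tidy_handler")) if ENV['TIDY_PATH']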
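Review bot: `gem 'activesupport'` and `gem 'actionpack'` are activated here with no version constraint, and the tarantula.gemspec added in this same release declares only htmlentities, hpricot, facets and echoe, so whatever versions happen to be installed get loaded and a missing gem only surfaces at require time. Declaring both in the gemspec with a lower bound that has actually been tested would make the requirement explicit and auditable. Separately, `verbose` returns the raw `ENV["VERBOSE"]` string, so `VERBOSE=0` or `VERBOSE=false` still turns logging on; a comment on `verbose` saying that any set value enables it, or an explicit comparison against the accepted values, would remove the surprise.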
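--- a/data/manifest.txt
+++ b/data/manifest.txt
@@ -0,0 +1,114 @@
+MIT-LICENSE
+README.rdoc
+Rakefile
+init.rb
+install.rb
+laf/images/background.jpg
+laf/images/relevance-os-logo.gif
+laf/images/tab.png
+laf/images/table-sort.gif
+laf/images/tarantula-sprites.png
+laf/javascripts/jquery-1.2.3.js
+laf/javascripts/jquery-ui-tabs.js
+laf/javascripts/jquery.tablesorter.js
+laf/javascripts/tarantula.js
+laf/stylesheets/tarantula.css
+laf/stylesheets/ui.tabs.css
+lib/relevance/core_extensions/ellipsize.rb
+lib/relevance/core_extensions/file.rb
+lib/relevance/core_extensions/response.rb
+lib/relevance/core_extensions/test_case.rb
+lib/relevance/tarantula/attack.rb
+lib/relevance/tarantula/attack_form_submission.rb
+lib/relevance/tarantula/attack_handler.rb
+lib/relevance/tarantula/crawler.rb
+lib/relevance/tarantula/detail.html.erb
+lib/relevance/tarantula/form.rb
+lib/relevance/tarantula/form_submission.rb
+lib/relevance/tarantula/html_document_handler.rb
+lib/relevance/tarantula/html_report_helper.rb
+lib/relevance/tarantula/html_reporter.rb
+lib/relevance/tarantula/index.html.erb
+lib/relevance/tarantula/invalid_html_handler.rb
+lib/relevance/tarantula/io_reporter.rb
+lib/relevance/tarantula/link.rb
+lib/relevance/tarantula/log_grabber.rb
+lib/relevance/tarantula/rails_integration_proxy.rb
+lib/relevance/tarantula/recording.rb
+lib/relevance/tarantula/response.rb
+lib/relevance/tarantula/result.rb
+lib/relevance/tarantula/test_report.html.erb
+lib/relevance/tarantula/tidy_handler.rb
+lib/relevance/tarantula/transform.rb
+lib/relevance/tarantula.rb
+tasks/tarantula_tasks.rake
+template/tarantula_test.rb
+test/relevance/core_extensions/ellipsize_test.rb
+test/relevance/core_extensions/file_test.rb
+test/relevance/core_extensions/response_test.rb
+test/relevance/core_extensions/test_case_test.rb
+test/relevance/tarantula/attack_form_submission_test.rb
+test/relevance/tarantula/attack_handler_test.rb
+test/relevance/tarantula/crawler_test.rb
+test/relevance/tarantula/form_submission_test.rb
+test/relevance/tarantula/form_test.rb
+test/relevance/tarantula/html_document_handler_test.rb
+test/relevance/tarantula/html_report_helper_test.rb
+test/relevance/tarantula/html_reporter_test.rb
+test/relevance/tarantula/invalid_html_handler_test.rb
+test/relevance/tarantula/io_reporter_test.rb
+test/relevance/tarantula/link_test.rb
+test/relevance/tarantula/log_grabber_test.rb
+test/relevance/tarantula/rails_integration_proxy_test.rb
+test/relevance/tarantula/result_test.rb
+test/relevance/tarantula/tidy_handler_test.rb
+test/relevance/tarantula/transform_test.rb
+test/relevance/tarantula_test.rb
+test/test_helper.rb
+tmp/test_output/images/background.jpg
+tmp/test_output/images/relevance-os-logo.gif
+tmp/test_output/images/tab.png
+tmp/test_output/images/table-sort.gif
+tmp/test_output/images/tarantula-sprites.png
+tmp/test_output/index.html
+tmp/test_output/javascripts/jquery-1.2.3.js
+tmp/test_output/javascripts/jquery-ui-tabs.js
+tmp/test_output/javascripts/jquery.tablesorter.js
+tmp/test_output/javascripts/tarantula.js
+tmp/test_output/stylesheets/tarantula.css
+tmp/test_output/stylesheets/ui.tabs.css
+tmp/test_output/test_user_pages/1.html
+tmp/test_output/test_user_pages/10.html
+tmp/test_output/test_user_pages/11.html
+tmp/test_output/test_user_pages/12.html
+tmp/test_output/test_user_pages/13.html
+tmp/test_output/test_user_pages/14.html
+tmp/test_output/test_user_pages/15.html
+tmp/test_output/test_user_pages/16.html
+tmp/test_output/test_user_pages/17.html
+tmp/test_output/test_user_pages/18.html
+tmp/test_output/test_user_pages/19.html
+tmp/test_output/test_user_pages/2.html
+tmp/test_output/test_user_pages/20.html
+tmp/test_output/test_user_pages/3.html
+tmp/test_output/test_user_pages/4.html
+tmp/test_output/test_user_pages/5.html
+tmp/test_output/test_user_pages/6.html
+tmp/test_output/test_user_pages/7.html
+tmp/test_output/test_user_pages/8.html
+tmp/test_output/test_user_pages/9.html
+uninstall.rb
+vendor/xss-shield/MIT-LICENSE
+vendor/xss-shield/README
+vendor/xss-shield/init.rb
+vendor/xss-shield/lib/xss_shield/erb_hacks.rb
+vendor/xss-shield/lib/xss_shield/haml_hacks.rb
+vendor/xss-shield/lib/xss_shield/safe_string.rb
+vendor/xss-shield/lib/xss_shield/secure_helpers.rb
+vendor/xss-shield/lib/xss_shield.rb
+vendor/xss-shield/test/test_actionview_integration.rb
+vendor/xss-shield/test/test_erb.rb
+vendor/xss-shield/test/test_haml.rb
+vendor/xss-shield/test/test_helpers.rb
+vendor/xss-shield/test/test_safe_string.rb
+manifest.txt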
data/tarantula.gemspec
ADDED
@@ -0,0 +1,42 @@
|
|
1
|
+
Gem::Specification.new do |s|
|
2
|
+
s.name = %q{tarantula}
|
3
|
+
s.version = "0.0.1"
|
4
|
+
|
5
|
+
s.required_rubygems_version = Gem::Requirement.new("= 1.2") if s.respond_to? :required_rubygems_version=
|
6
|
+
s.authors = ["Relevance"]
|
7
|
+
s.date = %q{2008-09-05}
|
8
|
+
s.description = %q{A big hairy fuzzy spider that crawls your site, wreaking havoc}
|
9
|
+
s.email = %q{opensource@thinkrelevance.com}
|
10
|
+
s.extra_rdoc_files = ["MIT-LICENSE", "README.rdoc", "lib/relevance/core_extensions/ellipsize.rb", "lib/relevance/core_extensions/file.rb", "lib/relevance/core_extensions/response.rb", "lib/relevance/core_extensions/test_case.rb", "lib/relevance/tarantula/attack.rb", "lib/relevance/tarantula/attack_form_submission.rb", "lib/relevance/tarantula/attack_handler.rb", "lib/relevance/tarantula/crawler.rb", "lib/relevance/tarantula/detail.html.erb", "lib/relevance/tarantula/form.rb", "lib/relevance/tarantula/form_submission.rb", "lib/relevance/tarantula/html_document_handler.rb", "lib/relevance/tarantula/html_report_helper.rb", "lib/relevance/tarantula/html_reporter.rb", "lib/relevance/tarantula/index.html.erb", "lib/relevance/tarantula/invalid_html_handler.rb", "lib/relevance/tarantula/io_reporter.rb", "lib/relevance/tarantula/link.rb", "lib/relevance/tarantula/log_grabber.rb", "lib/relevance/tarantula/rails_integration_proxy.rb", "lib/relevance/tarantula/recording.rb", "lib/relevance/tarantula/response.rb", "lib/relevance/tarantula/result.rb", "lib/relevance/tarantula/test_report.html.erb", "lib/relevance/tarantula/tidy_handler.rb", "lib/relevance/tarantula/transform.rb", "lib/relevance/tarantula.rb", "vendor/xss-shield/MIT-LICENSE"]
|
11
|
+
s.files = ["MIT-LICENSE", "README.rdoc", "Rakefile", "init.rb", "install.rb", "laf/images/background.jpg", "laf/images/relevance-os-logo.gif", "laf/images/tab.png", "laf/images/table-sort.gif", "laf/images/tarantula-sprites.png", "laf/javascripts/jquery-1.2.3.js", "laf/javascripts/jquery-ui-tabs.js", "laf/javascripts/jquery.tablesorter.js", "laf/javascripts/tarantula.js", "laf/stylesheets/tarantula.css", "laf/stylesheets/ui.tabs.css", "lib/relevance/core_extensions/ellipsize.rb", "lib/relevance/core_extensions/file.rb", "lib/relevance/core_extensions/response.rb", "lib/relevance/core_extensions/test_case.rb", "lib/relevance/tarantula/attack.rb", "lib/relevance/tarantula/attack_form_submission.rb", "lib/relevance/tarantula/attack_handler.rb", "lib/relevance/tarantula/crawler.rb", "lib/relevance/tarantula/detail.html.erb", "lib/relevance/tarantula/form.rb", "lib/relevance/tarantula/form_submission.rb", "lib/relevance/tarantula/html_document_handler.rb", "lib/relevance/tarantula/html_report_helper.rb", "lib/relevance/tarantula/html_reporter.rb", "lib/relevance/tarantula/index.html.erb", "lib/relevance/tarantula/invalid_html_handler.rb", "lib/relevance/tarantula/io_reporter.rb", "lib/relevance/tarantula/link.rb", "lib/relevance/tarantula/log_grabber.rb", "lib/relevance/tarantula/rails_integration_proxy.rb", "lib/relevance/tarantula/recording.rb", "lib/relevance/tarantula/response.rb", "lib/relevance/tarantula/result.rb", "lib/relevance/tarantula/test_report.html.erb", "lib/relevance/tarantula/tidy_handler.rb", "lib/relevance/tarantula/transform.rb", "lib/relevance/tarantula.rb", "tasks/tarantula_tasks.rake", "template/tarantula_test.rb", "test/relevance/core_extensions/ellipsize_test.rb", "test/relevance/core_extensions/file_test.rb", "test/relevance/core_extensions/response_test.rb", "test/relevance/core_extensions/test_case_test.rb", "test/relevance/tarantula/attack_form_submission_test.rb", "test/relevance/tarantula/attack_handler_test.rb", 
"test/relevance/tarantula/crawler_test.rb", "test/relevance/tarantula/form_submission_test.rb", "test/relevance/tarantula/form_test.rb", "test/relevance/tarantula/html_document_handler_test.rb", "test/relevance/tarantula/html_report_helper_test.rb", "test/relevance/tarantula/html_reporter_test.rb", "test/relevance/tarantula/invalid_html_handler_test.rb", "test/relevance/tarantula/io_reporter_test.rb", "test/relevance/tarantula/link_test.rb", "test/relevance/tarantula/log_grabber_test.rb", "test/relevance/tarantula/rails_integration_proxy_test.rb", "test/relevance/tarantula/result_test.rb", "test/relevance/tarantula/tidy_handler_test.rb", "test/relevance/tarantula/transform_test.rb", "test/relevance/tarantula_test.rb", "test/test_helper.rb", "tmp/test_output/images/background.jpg", "tmp/test_output/images/relevance-os-logo.gif", "tmp/test_output/images/tab.png", "tmp/test_output/images/table-sort.gif", "tmp/test_output/images/tarantula-sprites.png", "tmp/test_output/index.html", "tmp/test_output/javascripts/jquery-1.2.3.js", "tmp/test_output/javascripts/jquery-ui-tabs.js", "tmp/test_output/javascripts/jquery.tablesorter.js", "tmp/test_output/javascripts/tarantula.js", "tmp/test_output/stylesheets/tarantula.css", "tmp/test_output/stylesheets/ui.tabs.css", "tmp/test_output/test_user_pages/1.html", "tmp/test_output/test_user_pages/10.html", "tmp/test_output/test_user_pages/11.html", "tmp/test_output/test_user_pages/12.html", "tmp/test_output/test_user_pages/13.html", "tmp/test_output/test_user_pages/14.html", "tmp/test_output/test_user_pages/15.html", "tmp/test_output/test_user_pages/16.html", "tmp/test_output/test_user_pages/17.html", "tmp/test_output/test_user_pages/18.html", "tmp/test_output/test_user_pages/19.html", "tmp/test_output/test_user_pages/2.html", "tmp/test_output/test_user_pages/20.html", "tmp/test_output/test_user_pages/3.html", "tmp/test_output/test_user_pages/4.html", "tmp/test_output/test_user_pages/5.html", "tmp/test_output/test_user_pages/6.html", 
"tmp/test_output/test_user_pages/7.html", "tmp/test_output/test_user_pages/8.html", "tmp/test_output/test_user_pages/9.html", "uninstall.rb", "vendor/xss-shield/MIT-LICENSE", "vendor/xss-shield/README", "vendor/xss-shield/init.rb", "vendor/xss-shield/lib/xss_shield/erb_hacks.rb", "vendor/xss-shield/lib/xss_shield/haml_hacks.rb", "vendor/xss-shield/lib/xss_shield/safe_string.rb", "vendor/xss-shield/lib/xss_shield/secure_helpers.rb", "vendor/xss-shield/lib/xss_shield.rb", "vendor/xss-shield/test/test_actionview_integration.rb", "vendor/xss-shield/test/test_erb.rb", "vendor/xss-shield/test/test_haml.rb", "vendor/xss-shield/test/test_helpers.rb", "vendor/xss-shield/test/test_safe_string.rb", "manifest.txt", "tarantula.gemspec"]
|
12
|
+
s.has_rdoc = true
|
13
|
+
s.homepage = %q{http://opensource.thinkrelevance.com/wiki/tarantula}
|
14
|
+
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Tarantula", "--main", "README.rdoc"]
|
15
|
+
s.require_paths = ["lib"]
|
16
|
+
s.rubyforge_project = %q{thinkrelevance}
|
17
|
+
s.rubygems_version = %q{1.2.0}
|
18
|
+
s.summary = %q{A big hairy fuzzy spider that crawls your site, wreaking havoc}
|
19
|
+
s.test_files = ["test/relevance/core_extensions/ellipsize_test.rb", "test/relevance/core_extensions/file_test.rb", "test/relevance/core_extensions/response_test.rb", "test/relevance/core_extensions/test_case_test.rb", "test/relevance/tarantula/attack_form_submission_test.rb", "test/relevance/tarantula/attack_handler_test.rb", "test/relevance/tarantula/crawler_test.rb", "test/relevance/tarantula/form_submission_test.rb", "test/relevance/tarantula/form_test.rb", "test/relevance/tarantula/html_document_handler_test.rb", "test/relevance/tarantula/html_report_helper_test.rb", "test/relevance/tarantula/html_reporter_test.rb", "test/relevance/tarantula/invalid_html_handler_test.rb", "test/relevance/tarantula/io_reporter_test.rb", "test/relevance/tarantula/link_test.rb", "test/relevance/tarantula/log_grabber_test.rb", "test/relevance/tarantula/rails_integration_proxy_test.rb", "test/relevance/tarantula/result_test.rb", "test/relevance/tarantula/tidy_handler_test.rb", "test/relevance/tarantula/transform_test.rb", "test/relevance/tarantula_test.rb"]
|
20
|
+
|
21
|
+
if s.respond_to? :specification_version then
|
22
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
23
|
+
s.specification_version = 2
|
24
|
+
|
25
|
+
if current_version >= 3 then
|
26
|
+
s.add_runtime_dependency(%q<htmlentities>, [">= 0"])
|
27
|
+
s.add_runtime_dependency(%q<hpricot>, [">= 0"])
|
28
|
+
s.add_runtime_dependency(%q<facets>, [">= 2.4.3"])
|
29
|
+
s.add_development_dependency(%q<echoe>, [">= 0"])
|
30
|
+
else
|
31
|
+
s.add_dependency(%q<htmlentities>, [">= 0"])
|
32
|
+
s.add_dependency(%q<hpricot>, [">= 0"])
|
33
|
+
s.add_dependency(%q<facets>, [">= 2.4.3"])
|
34
|
+
s.add_dependency(%q<echoe>, [">= 0"])
|
35
|
+
end
|
36
|
+
else
|
37
|
+
s.add_dependency(%q<htmlentities>, [">= 0"])
|
38
|
+
s.add_dependency(%q<hpricot>, [">= 0"])
|
39
|
+
s.add_dependency(%q<facets>, [">= 2.4.3"])
|
40
|
+
s.add_dependency(%q<echoe>, [">= 0"])
|
41
|
+
end
|
42
|
+
end
|
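Review bot: `s.files` packages the whole `tmp/test_output/` tree (generated report pages plus a second copy of the jQuery files) into the gem, so build artifacts from the packager's working directory are shipped to every installer; they should be dropped from the manifest this spec is built from. In the two fallback branches `echoe` is added with plain `add_dependency`, which turns a packaging tool into a runtime dependency on older RubyGems, and `htmlentities` and `hpricot` are accepted at `>= 0`, so any future release of either is pulled in untested. The spec looks generated (presumably by echoe), so the fix probably belongs in the Rakefile and manifest.txt rather than in this file.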
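--- a/data/tasks/tarantula_tasks.rake
+++ b/data/tasks/tarantula_tasks.rake
@@ -0,0 +1,34 @@
+namespace :tarantula do
+
+desc 'Run tarantula tests and (Mac only) open results in your browser.'
+task :test do
+rm_rf "tmp/tarantula"
+task = Rake::TestTask.new(:tarantula_test) do |t|
+t.libs << 'test'
+t.pattern = 'test/tarantula/**/*_test.rb'
+t.verbose = true
+end
+
+begin
+Rake::Task[:tarantula_test].invoke
+rescue RuntimeError => e
+puts e.message
+end
+Dir.glob("tmp/tarantula/**/index.html") do |file|
+if PLATFORM['darwin']
+system("open #{file}")
+elsif PLATFORM[/linux/]
+system("firefox #{file}")
+else
+puts "You can view tarantula results at #{file}"
+end
+end
+end
+
+desc 'Generate a default tarantula test'
+task :setup do
+mkdir_p "test/tarantula"
+template_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "template", "tarantula_test.rb"))
+cp template_path, "test/tarantula/"
+end
+end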
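Review bot: `system("open #{file}")` and `system("firefox #{file}")` build a shell command line from a path returned by `Dir.glob`, so a report directory whose name contains spaces or shell metacharacters is split or interpreted by the shell. Passing the arguments separately skips the shell altogether: `system("open", file)` and `system("firefox", file)`. The `rescue RuntimeError => e` around `Rake::Task[:tarantula_test].invoke` only prints the message, so a failing crawl appears to leave `rake tarantula:test` exiting successfully; re-raising after the reports have been opened would keep the failure visible to CI. The description also says "Mac only" while the body has a Linux branch.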
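--- a/data/template/tarantula_test.rb
+++ b/data/template/tarantula_test.rb
@@ -0,0 +1,12 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+require "relevance/tarantula"
+
+class TarantulaTest < ActionController::IntegrationTest
+fixtures :all
+
+def test_tarantula
+post '/session', :login => 'quentin', :password => 'monkey'
+follow_redirect!
+tarantula_crawl(self)
+end
+end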
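Review bot: The template signs in with the literal `quentin`/`monkey` pair against `/session`, which only exist in applications that happen to use that fixture set and route, and nothing in the file tells the person who ran `rake tarantula:setup` that these are placeholders. A comment above the `post` line such as `# Replace with a login from your own fixtures; the crawl runs with this user's privileges.` would make that explicit. Because the crawl that follows appears to submit forms (the attack specs in this release post mutated inputs), the comment should also say the test is meant to run against the test database only.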
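--- a/data/test/relevance/core_extensions/ellipsize_test.rb
+++ b/data/test/relevance/core_extensions/ellipsize_test.rb
@@ -0,0 +1,19 @@
+require File.join(File.dirname(__FILE__), "../..", "test_helper.rb")
+
+describe "Relevance::CoreExtensions::Object#ellipsize" do
+it "converts nil to empty string" do
+nil.ellipsize.should == ""
+end
+
+it "doesn't touch short strings" do
+"hello".ellipsize.should == "hello"
+end
+
+it "calls inspect on non-strings" do
+[1,2,3].ellipsize.should == "[1, 2, 3]"
+end
+
+it "shortens long strings and adds ..." do
+"long-string".ellipsize(5).should == "long-..."
+end
+end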
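--- a/data/test/relevance/core_extensions/file_test.rb
+++ b/data/test/relevance/core_extensions/file_test.rb
@@ -0,0 +1,8 @@
+require File.join(File.dirname(__FILE__), "../..", "test_helper.rb")
+require 'relevance/core_extensions/file'
+
+describe "Relevance::CoreExtensions::File#extension" do
+it "should return the extension without the leading dot" do
+File.extension("foo.bar").should == "bar"
+end
+end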
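--- a/data/test/relevance/core_extensions/response_test.rb
+++ b/data/test/relevance/core_extensions/response_test.rb
@@ -0,0 +1,29 @@
+require File.join(File.dirname(__FILE__), "../..", "test_helper.rb")
+require 'relevance/core_extensions/file'
+
+describe "Relevance::CoreExtensions::Response#html?" do
+before do
+@response = OpenStruct.new
+@response.extend(Relevance::CoreExtensions::Response)
+end
+
+it "should be html if the content-type is 'text/html'" do
+@response.content_type = "text/html"
+@response.should.be.html
+@response.content_type = "text/html;charset=iso-8859-2"
+@response.should.be.html
+end
+
+it "should not be html if the content-type isn't an html type" do
+@response.content_type = "text/plain"
+@response.should.not.be.html
+end
+
+# better ideas welcome, but be careful not to
+# castrate tarantula for proxies that don't set the content-type
+it "should pretend we have html if the content-type is nil" do
+@response.content_type = nil
+@response.should.be.html
+end
+
+end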
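Review bot: This spec exercises `Relevance::CoreExtensions::Response`, but its second line requires `relevance/core_extensions/file`, apparently copied from the File spec; it presumably passes only because test_helper loads everything, and should read `require 'relevance/core_extensions/response'`. `OpenStruct` is used without a visible `require 'ostruct'`, which has the same load-order dependence. The last example pins `html?` to true for a nil content type; a short comment there saying that bodies without a Content-Type will therefore be parsed as HTML would document the trade-off the existing comment only hints at.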
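--- a/data/test/relevance/core_extensions/test_case_test.rb
+++ b/data/test/relevance/core_extensions/test_case_test.rb
@@ -0,0 +1,17 @@
+require File.join(File.dirname(__FILE__), "../..", "test_helper.rb")
+require 'relevance/core_extensions/test_case'
+include Relevance::Tarantula
+
+describe "TestCase extensions" do
+it "can create the crawler" do
+RailsIntegrationProxy.stubs(:rails_root).returns("STUB_RAILS_ROOT")
+Crawler.any_instance.stubs(:rails_root).returns("STUB_RAILS_ROOT")
+tarantula_crawler(stub_everything)
+end
+
+it "can crawl" do
+(crawler = mock).expects(:crawl).with("/foo")
+expects(:tarantula_crawler).returns(crawler)
+tarantula_crawl(:integration_test_stub, :url => "/foo")
+end
+end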
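Review bot: `include Relevance::Tarantula` at the top level of the file mixes the module into `Object`, so `log`, `verbose`, `rails_root` and `tarantula_home` become callable on every object for the rest of the test run, and other spec files can resolve bare `Crawler` or `Attack` only if a file like this one was loaded first. attack_handler_test.rb in this release does the same on its second line. Referring to `Relevance::Tarantula::Crawler` and `Relevance::Tarantula::RailsIntegrationProxy` by full name, or including the module inside the `describe` block, keeps each file self-contained. The first example also makes no assertion on the value `tarantula_crawler` returns, so it only proves the call does not raise.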
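--- a/data/test/relevance/tarantula/attack_form_submission_test.rb
+++ b/data/test/relevance/tarantula/attack_form_submission_test.rb
@@ -0,0 +1,79 @@
+require File.join(File.dirname(__FILE__), "..", "..", "test_helper.rb")
+
+describe "Relevance::Tarantula::AttackFormSubmission" do
+
+# TODO: add more from field types to this example form as needed
+before do
+@tag = Hpricot(<<END)
+<form action="/session" method="post">
+<input id="email" name="email" size="30" type="text" />
+<textarea id="comment" name="comment"value="1" />
+<input name="commit" type="submit" value="Postit" />
+<input name="secret" type="hidden" value="secret" />
+<select id="foo_opened_on_1i" name="foo[opened_on(1i)]">
+<option value="2003">2003</option>
+<option value="2004">2004</option>
+</select>
+</form>
+END
+@form = Relevance::Tarantula::Form.new(@tag.at('form'))
+@fs = Relevance::Tarantula::AttackFormSubmission.new(@form, Attack.new({:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'}))
+end
+
+it "can mutate text areas" do
+@fs.mutate_text_areas(@form).should == {"comment" => "foo_code"}
+end
+
+it "can mutate selects" do
+Hpricot::Elements.any_instance.stubs(:rand).returns(stub(:[] => "2006-stub"))
+@fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
+end
+
+it "can mutate inputs" do
+@fs.mutate_inputs(@form).should == {"commit"=>"foo_code", "secret"=>"foo_code", "email"=>"foo_code"}
+end
+
+it "has a signature based on action, fields, and attack name" do
+@fs.signature.should == ['/session', [
+"comment",
+"commit",
+"email",
+"foo[opened_on(1i)]",
+"secret"],
+"foo_name"
+]
+end
+
+it "has a friendly to_s" do
+@fs.to_s.should =~ %r{^/session post}
+end
+
+it "processes all its attacks" do
+AttackFormSubmission.stubs(:attacks).returns([
+Attack.new({:name => 'foo_name1', :input => 'foo_input', :output => 'foo_output'}),
+Attack.new({:name => 'foo_name2', :input => 'foo_input', :output => 'foo_output'}),
+])
+Relevance::Tarantula::AttackFormSubmission.mutate(@form).size.should == 2
+end
+
+it "maps hash attacks to Attack instances" do
+AttackFormSubmission.instance_variable_set("@attacks", [{ :name => "attack name"}])
+AttackFormSubmission.attacks.should == [Attack.new({:name => "attack name"})]
+end
+end
+
+describe "Relevance::Tarantula::AttackFormSubmission for a crummy form" do
+before do
+@tag = Hpricot(<<END)
+<form action="/session" method="post">
+<input value="no_name" />
+</form>
+END
+@form = Relevance::Tarantula::Form.new(@tag.at('form'))
+@fs = Relevance::Tarantula::AttackFormSubmission.new(@form, {:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'})
+end
+
+it "ignores unnamed inputs" do
+@fs.mutate_inputs(@form).should == {}
+end
+end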
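Review bot: The example "maps hash attacks to Attack instances" overwrites the class-level `@attacks` on AttackFormSubmission through `instance_variable_set` and never restores it, so every example that runs later in the same process sees one nameless attack instead of the configured list (inferred: `attacks` reads that variable, as the assertion implies). Saving the old value with `instance_variable_get("@attacks")` and putting it back in an `ensure` keeps the examples independent of run order. The file also uses bare `Attack` and `AttackFormSubmission` without an `include Relevance::Tarantula` of its own, so it appears to rely on another spec file having done the top-level include. The second `before` block passes a plain Hash where the first passes an `Attack`; one of the two is probably not what the constructor expects.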
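--- a/data/test/relevance/tarantula/attack_handler_test.rb
+++ b/data/test/relevance/tarantula/attack_handler_test.rb
@@ -0,0 +1,30 @@
+require File.join(File.dirname(__FILE__), "..", "..", "test_helper.rb")
+include Relevance::Tarantula
+
+describe "Relevance::Tarantula::AttackHandler" do
+before do
+@handler = Relevance::Tarantula::AttackHandler.new
+attack = Attack.new({:name => 'foo_name', :input => 'foo_code', :output => '<bad>'})
+@handler.stubs(:attacks).returns([attack])
+end
+
+it "lets safe documents through" do
+result = @handler.handle(Result.new(:response => stub(:html? => true, :body => '<a href="/foo">good</a>')))
+result.should == nil
+end
+
+it "detects the supplied code" do
+result = @handler.handle(Result.new(:response => stub(:html? => true, :body => '<a href="/foo"><bad></a>')))
+result.success.should == false
+end
+end
+
+describe "Attacks without an output specified" do
+it "never matches anything" do
+handler = Relevance::Tarantula::AttackHandler.new
+attack = Attack.new({:name => 'foo_name', :input => 'foo_code'})
+Relevance::Tarantula::AttackFormSubmission.stubs(:attacks).returns([attack])
+result = handler.handle(Result.new(:response => stub(:html? => true, :body => '<a href="/foo">good</a>')))
+result.should == nil
+end
+end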